Summary

There has been rapid progress in the computerization of important documents,
in line with the trend toward business computerization in corporations, government and
other public offices. It is expected that in the near future some computerized
documents will have to be preserved for decades or longer.

Computerized data generally differs from paper-based documents or
documents recorded on microfilm in that it is vulnerable to threats of alteration or
leakage. However, we think it is possible to position electronic documents as legally
valid and effective documents by countering such threats and by guaranteeing
originality of the documents, and as a result, to truly move away from paper-based systems.

Secure storage is a technique that uses information security technology
based on PKI (Public Key Infrastructure) to guarantee originality of electronic
documents for long periods of time. Its features are that originality of documents is
easy to verify, because it employs a standard framework, and that originality can be
kept for long periods of time, because it includes a technique for extending a
validity period.

Computerization has also been in progress in the medical field, and guidelines
for storing medical records electronically have been provided. Here, secure
storage is applied to the electronic medical chart system that is becoming popular in
the medical field, and its validity is studied.

It is assumed that secure storage will help in introducing information
technology and in moving away from paper-based systems, not only in the medical field
but in many other fields.

Application of the secure storage to the electronic medical chart system 

Medical chart data generated at in-hospital clients of local central hospitals, and
medical chart data generated at electronic medical chart clients of collaborative medical
facilities and collaborative nursing-care facilities, are transmitted via the in-hospital
medical chart server or the electronic medical chart service provider, respectively, to
the secure storage, where the originals of the electronic medical charts are stored. The
secure storage issues and manages electronic certificates to guarantee authenticity of
the electronic medical charts, further collects secure timestamps and verification
information of authentication documents to guarantee authenticity of the electronic
medical charts for long periods of time, and performs extension of digital signatures.

1. Preface

In line with the trend toward business computerization in corporations, government and
other public offices, there has been rapid progress in the computerization of important
documents, such as contract-related documents, administrative documents, and
electronic medical charts. It is not difficult to imagine that in the near future we will
be obliged to preserve some computerized documents for five, ten, thirty years or
longer.

Computerized data generally differs from paper-based documents or documents
recorded on microfilm in that it is vulnerable to security threats: computerized data
can easily be altered or switched without leaving traces, and it is subject to theft,
leakage or eavesdropping in large quantities and in secrecy. By countering such threats
and by guaranteeing originality of the documents, we think it is possible to position
electronic documents as legally valid and effective documents, and as a result, to truly
move away from paper-based systems. The digital signature is an effective technology
for guaranteeing originality. Under the Electronic Signature Law ("Law Concerning
Electronic Signatures and Certification Services"), in force since April 1, 2001, the
effectiveness of the digital signature is legally recognized. However, the digital
signature has several problems as well as its benefits, so it is not possible to
guarantee originality of electronic documents for long periods of time just by
appending a digital signature to the electronic document.

The secure storage technique developed this time uses information security
technology based on PKI, like the digital signature, and makes it possible to
guarantee originality of electronic documents for long periods of time.

This article gives a brief description of secure storage and, as an example, its
application to an electronic medical chart system.

2. Necessity of storing electronic documents for long periods of time

Originals of some documents, such as various types of contracts, administrative
documents, and electronic medical charts, must be preserved for long periods of
time according to legal or commercial practice. While computerization has been in
progress, the fact is that paper-based media and microfiches have been used for
preserving documents for long periods of time to meet such requirements, since
electronic documents have the vulnerability shown in the previous chapter.

To ensure originality of electronic documents, a scheme is needed to guarantee
when and by whom the electronic documents were drafted (or admitted), and that the
documents were not altered (these features are together referred to as authenticity of
electronic documents). Digital signature in PKI is regarded as the most promising
method to ensure authenticity of electronic documents, and legal support for digital
signature is provided by the Electronic Signature Law enforced from last year.

However, digital signatures alone can guarantee no more than "who drafted an
electronic document and that it is not altered", and cannot guarantee "when" the
document was drafted. Further, validity of digital signatures has a temporal
restriction: validity of a digital signature is lost when the validity period of a
public-key certificate expires, when the certificate is revoked, or when the keys and
algorithms used for digital signatures come under threat. Therefore, some kind of new
scheme is needed to ensure authenticity of electronic documents for long periods of
time using digital signatures.

3. Secure Storage 

Secure storage is a technique to preserve electronic documents for long periods
of time while ensuring authenticity. The general outline is shown below.

3.1 Guarantee of authenticity of electronic documents by electronic certificate

In the secure storage, registration, search, reference, and deletion etc. are
performed according to requests by clients. In such a case, the secure storage issues
and manages electronic certifications to guarantee the following contents (Fig. 1).

• The creator or the registration requesting party of a document

• The lodged document is not altered 

• The fact and the day and time of access, such as registration, search, reference and 
deletion etc. to the documents 

The electronic certification consists of information including a hash of the
subject document, access information, a secure time stamp described in section 3 of
chapter 3, and a corresponding digital signature for the information. Meanwhile, it is
possible to maintain validity of the electronic documents for long periods of time thanks
to the technique for retaining the legitimacy of digital signatures for long periods of
time as described in section 2 of chapter 3. In comparison to the conventionally
proposed technique of ensuring originality of documents by using tamper-proof hardware,
with which it has been difficult to verify the legitimacy of originality objectively, the
technique now developed is implemented in software according to PKI, and therefore a
third party can easily verify the legitimacy of originality by using a standard method.

3.2 Ensuring validity of digital signature while keeping it for a long term 

The digital signature used in electronic certifications may, by its nature, become
unable to guarantee its validity as time advances, for instance when a validity period
expires, when a public key certificate is revoked, or when keys and algorithms come
under threat. Therefore, some scheme to overcome such temporal restrictions is needed.

To deal with this situation, we developed a technique for appending information
concerning revocation of digital certificates and a secure time stamp to a digital
signature, based on formats whose standardization is now underway in IETF (Internet
Engineering Task Force) and ETSI (European Telecommunication Standards Institute)
(Fig. 2). The technological development is implemented as a member of long-term
reservation technique for computerized documents examining consortium as a part of
"E-Government information security infrastructure technical development project -
validity date extension technical development of electronic signature for preservation of
documents for a long term" by IPA.

The formats whose standardization is underway assume that extension and
preservation of signatures are performed by the interested party itself, such as the
creator of a digital signature or a verifier. The technique now developed improves on
this in that the extension and preservation procedure can be entrusted to third parties.

By using the technique, a third party alone can provide, as a service, validity
period extension of digital signatures, which overcomes the temporal restriction of
digital signatures.

3.3 Guarantee of created date and time of the electronic documents 

The digital signature can guarantee the creator of data and that the data has not
been altered; however, it cannot guarantee time, for example, on what date and at what
time the data was created.

A secure time stamp is a technique that guarantees the following two items for
digital data: 1. The digital data existed at a particular point in time; 2. The digital data
has not been altered at or after that point in time. The time stamp is a format in
which a Time Stamp Authority appends a digital signature to a combination of a hash
value of the data to be proved and time information (Fig. 3). Its standardization
effort has been underway in IETF, and it is standardized as RFC 3161.

We have developed time stamp server software in conformity with the IETF standard, and
use it for creating electronic certifications and extending validity periods of digital
signatures.
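The validity extension of section 3.2, built on the time stamp structure just described, as an added example (not the authors' software and not the IETF/ETSI data formats). Assumptions: HMAC stands in for the Time Stamp Authority's public-key signature so that only the standard library is needed, whole years stand in for time, and the names `Key`, `stamp`, `covered`, `extend`, `verify` as well as the keys, revocation notes and chart bytes are constructed.

```python
import hashlib, hmac, json
from dataclasses import dataclass

@dataclass(frozen=True)
class Key:
    """Constructed TSA key. HMAC stands in for the TSA's public-key signature."""
    kid: str
    secret: bytes
    digest: str      # hash algorithm used with this key
    not_after: int   # year the certificate expires or the algorithm is retired

def stamp(key, data, year):
    """Token = signature over (hash of data, time), the structure of section 3.3."""
    imprint = hashlib.new(key.digest, data).hexdigest()
    tbs = json.dumps({"kid": key.kid, "alg": key.digest, "year": year,
                      "imprint": imprint}, sort_keys=True)
    sig = hmac.new(key.secret, tbs.encode(), key.digest).hexdigest()
    return {"tbs": tbs, "sig": sig}

def covered(doc, layers, info):
    """Bytes one layer protects: document, all earlier layers, new revocation info."""
    return doc + json.dumps(layers, sort_keys=True).encode() + info.encode()

def extend(doc, layers, key, year, info):
    """Validity extension: add revocation info and a fresh token over everything."""
    return layers + [{"info": info, "token": stamp(key, covered(doc, layers, info), year)}]

def verify(doc, layers, keys, now):
    """Return (ok, reason); every layer must be intact and renewed before its key lapsed."""
    for i, layer in enumerate(layers):
        token = layer["token"]
        tbs = json.loads(token["tbs"])
        key = keys.get(tbs["kid"])
        if key is None:
            return False, f"layer {i}: unknown key"
        good = stamp(key, covered(doc, layers[:i], layer["info"]), tbs["year"])
        if good["tbs"] != token["tbs"] or not hmac.compare_digest(good["sig"], token["sig"]):
            return False, f"layer {i}: document or evidence altered"
        # A layer is protected by the next layer's time stamp, the outermost one by "now".
        nxt = layers[i + 1]["token"]["tbs"] if i + 1 < len(layers) else None
        protected_at = json.loads(nxt)["year"] if nxt else now
        if not tbs["year"] <= protected_at <= key.not_after:
            return False, f"layer {i}: {key.kid} lapsed in {key.not_after} without renewal"
    return (True, "ok") if layers else (False, "no evidence")

# Constructed sample data: two TSA keys and a stand-in medical chart.
KEYS = {k.kid: k for k in (Key("tsa-2002", b"constructed-1", "sha1", 2010),
                           Key("tsa-2009", b"constructed-2", "sha256", 2030))}
CHART = b"<chart>constructed sample record</chart>"

def demo():
    chain = extend(CHART, [], KEYS["tsa-2002"], 2002, "signer certificate good, 2002")
    unextended = verify(CHART, chain, KEYS, now=2025)
    chain = extend(CHART, chain, KEYS["tsa-2009"], 2009, "tsa-2002 certificate good, 2009")
    extended = verify(CHART, chain, KEYS, now=2025)
    tampered = verify(CHART + b" ", chain, KEYS, now=2025)
    return unextended, extended, tampered

if __name__ == "__main__":
    print(demo())
```

The first result fails because the only time stamp rests on a key that lapsed before the verification date; the second succeeds because a newer time stamp was applied while the older key was still trusted.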

The features of secure storage as a whole are shown below.

1. Guarantee authenticity of electronic documents by issuing an electronic certification
whereto a secure time stamp is appended. 

2. Maintain the validity of the digital signature by means of validity period extension 
of signature, and guarantee authenticity of signed documents and electronic 
certifications for long periods of time. 

3. Agents as third parties entrusted by the signer or the verifier can preserve the 
electronic signed documents for long periods of time. 

4. Standard data formats are adopted, therefore, verification of authenticity need not
be entrusted to an authority but can be implemented by the client itself (the signer, 
the verifier, the arbitrator). 

4. Application of the secure storage for the electronic medical chart 

It was suggested in the report on "Commission on practical use of medical
records such as medical charts" of Ministry of Health and Welfare held in June 1998
that computerization of medical records should be further promoted. Further, the
criterion for preservation by electronic media is specified in "On storage of electronic
media such as medical records" released on April 22, 1999. The criterion takes
"authenticity, legibility and storage stability (Three principles of electronic storage)" as
its basis, and further refers to "privacy protection" and "evidential capacity, probative
value".

The following describes the positioning, necessity and case examples of applying
the secure storage to the electronic medical chart.

4.1 Mutually complementary relation between technical measures and operational
measures

When the electronic medical chart is introduced, technical measures and
operational measures address the securing of authenticity, legibility, storage
stability, privacy protection and evidential capacity, probative value, in a mutually
complementary manner. Therefore, the more reliable the technical measures become, the
simpler the operational measures become. It is desirable for personnel in charge of
promoting introduction of an electronic medical chart system to introduce a system with
adequate technical measures in place and with operational cost kept low. The secure
storage is able to support the three principles of electronic storage from the
technical aspect, and makes it easy to ensure evidential capacity and probative value.

4.2 Ensuring evidential capacity and probative value 

According to "Report of system reexamination working group of Headquarters for
promotion of advanced information and communications society as of June 1996", it is
stated that "for ensuring evidential capacity and probative value of electronic data, it is
necessary to improve the reliability of electronic data by ensuring integrity of input and
output of data, as well as by diminishing possibility of data alteration, and further to
clarify one who owes the responsibility for the reliability of electronic data".
Probative value depends on the discretionary judgment of judges. That judgment, in
turn, depends on the evaluation of the integrity of the electronic data and so on;
therefore, it is extremely important that integrity of electronic data is guaranteed by
technical measures.

The secure storage has an "electronic notary function" to ensure authenticity of
electronic documents by issuing electronic certifications that indicate "user", "contents
of data", "time", and "type of commitment or operation (such as whether input or output
is performed)" according to details of data input and output by users. Due to this
function, the secure storage can technically guarantee the integrity and help to
ensure evidential capacity and probative value.

4.3 Diminishing possibility of data alteration 

There exists an obligation to preserve medical charts for five years according to
the Medical Practitioners Law. Electronic medical charts need less storage space
than the conventional paper-based medical charts, and can therefore be stored for
longer periods of time. Some advanced clinics are promoting a project to store a
lifetime's worth of electronic medical charts of patients under the concept of
"Lifelong use of electronic medical charts". In such a case, when long-term storage
for nearly 100 years is needed, ciphers commonly used at the present time will become
obsolete, and it will become difficult to prevent alteration of data only by appending
regular electronic signatures. Therefore, the secure storage adopts a system that
sustains long-term storage using the technique for extending the validity period of
signatures.

4.4 Cooperation with the electronic medical chart system 

The secure storage is only a storage, and it stores medical charts securely, as they
are, for long periods of time. To guarantee legibility of data stored for long periods
of time, the medical charts therefore need to be stored in a structure that will remain
legible into the future. However, electronic medical chart systems are developed by
vendors of healthcare information systems to their own specifications, and therefore,
when electronic medical charts are stored in data structures unique to each vendor, it
may become impossible to display medical charts when systems are replaced, and it may
become impossible to guarantee long-term legibility.

Therefore, we have established a scheme which guarantees cooperation with
electronic medical chart systems into the future and which guarantees legibility of
medical charts on their own, by storing the medical charts as XML files in "The Japanese
set of identifiers for medical record information exchange" (hereinafter referred to as
"J-MIX") drafted by projects sponsored by Ministry of Health and Welfare in fiscal year
1999. The electronic medical chart system has only to transfer medical chart data as an
XML file in J-MIX format to the secure storage on the day the data is settled and
processed. The rest of the process of securing the three principles of electronic
storage is implemented by electronic certifications managed by the secure storage,
therefore, there is no need to establish a high cost electronic storage system at the
electronic medical chart system side.

4.5 Case example of application to electronic medical chart system 

The system described in the figure on the page of summary is adopted in the
healthcare information network promotion project in Minami-Bousou area whose center
is Kameda Medical Center of Tetsusyou-kai Healthcare Corporation in
"Healthcare-centered network promoting project by utilizing advanced IT - Regional
healthcare informatization with a focus on medical records" by Ministry of Economy,
Trade and Industry. In this project, to realize the three principles for electronic storage
in the electronic medical chart system for regional alliances, a backup of the original of
the medical charts in an ASP-type electronic medical chart system for regional alliances
is stored as an XML file in J-MIX format.

5. Conclusion

In computerization of documents, "long-term storage of original", regarded as the final
step of the lifecycle of documents, has been left behind, and has been a strong factor
preventing the move away from paper-based systems. The secure storage is a technique
that enables storing electronic originals for long periods of time by making full use of
the digital signature technique, which has achieved legal support by implementation of
the Electronic Signature Law.

In the medical field, external preservation of electronic medical charts has been
under consideration in the Ministry of Health, Labour and Welfare, and it is assumed that
the ASP-type electronic medical chart system, which has conventionally been impossible,
will be widely used in future. Further, there is a need to store the electronic medical
charts conventionally stored inside hospitals in a more robust data center. By
utilizing the secure storage to fulfill such needs, the electronic medical chart
system can be established at low cost.

The secure storage has an electronic notary function to guarantee various
commitments to electronic documents, and can be utilized not only for storage of
electronic originals but also for nonrepudiation when exchanging electronic data or
electronic documents, such as in EDI. We think the secure storage we propose can
contribute to promoting paperless operation and introducing information technology in
medical and many other fields.